SIPBIO : biometrics SIP extension

During the last few decades biometric technologies have become an important research field in computer security. Their deployment, however, in heterogeneous enterprise systems, is complex due to the lack of standardisation. Session Initiation Protocol (SIP) is a popular communication protocol widely used in voice over Internet protocol networks; due to its flexibility, SIP has been broadly adopted in telecommunications for carrier level and telephony systems. This thesis proposes the use of SIPBIO, an extension to SIP, to establish and control multimedia sessions for biometric interactions. For biometric usage in telecommunications networks, a synthesis of techniques to use human characteristics as challenge tokens for access to network resources is first presented. An overview of the SIP protocol is then exposed, by focusing on understanding SIP messages and their component elements. Posteriorly, advanced concepts, such as extensions to the default protocol are introduced. After the technology background review, the core of the proposal is presented with extensive use-case scenarios of biometric operations and the introduction of necessary SIPBIO requirements. Formal processes are defined along with the method to extend SIP to the proposed SIPBIO protocol. It follows a detailed outline of all headers and body components that give form to SIPBIO and define its nature. These stages provide the fundamentals for the protocol implementation. Finally, simulations of some common cases are presented to show the feasibility of SIPBIO. This can be used as a sample flow for full implementations and applications. This thesis corroborates the viability of using a SIP-based protocol for establishing, maintaining and tearing down biometric multimedia sessions

Contributions to privacy protection for ubiquitous computing

El desenvolupament de noves tecnologies ha introduït el concepte de Computació Ubiqua, a on els objectes que ens envolten poden tenir processadors integrats i establir la comunicació amb altres sistemes, amb la finalitat d'oferir serveis personalitzats per ajudar-nos amb les nostres tasques habituals. No obstant això, a causa de que és possible tenir ordinadors en gairebé qualsevol lloc o objecte, això ha obert noves discussions sobre temes tals com la privadesa i la seguretat, considerats des de diferents punts de vista, com el desenvolupaments jurídics, socials, econòmics i tecnològics, amb una importància cada vegada major al món actual. En aquesta tesi discutim i analitzem algunes de les principals qüestions de seguretat i privadesa a les tecnologies actuals, tals com a telèfons intel·ligents, dispositius RFID o ciutats intel·ligents, i proposem alguns protocols per fer front a aquests temes garantint la privadesa dels usuaris a tot moment.El desarrollo de nuevas tecnologías ha introducido el concepto de Computación Ubicua , en donde los objetos que nos rodean pueden tener procesadores integrados y establecer la comunicación con otros sistemas, con el fin de ofrecer servicios personalizados para ayudarnos con nuestras tareas habituales. Sin embargo, debido a que es posible tener ordenadores en casi cualquier lugar u objeto, esto ha abierto nuevas discusiones sobre temas tales como la privacidad y la seguridad, considerado desde diferentes puntos de vista, como el desarrollos jurídicos, sociales, económicos y tecnológicos, con una importancia cada vez mayor en el mundo actual. En esta tesis discutimos y analizamos algunas de las principales cuestiones de seguridad y privacidad en las tecnologías actuales, tales como teléfonos inteligentes, dispositivos RFID o ciudades inteligentes, y proponemos algunos protocolos para hacer frente a estos temas garantizando la privacidad de los usuarios en todo momento.The development of new technologies has introduced the concept of Ubiquitous Computing, whereby the objects around us can have an embedded computer and establish communications with each other, in order to provide personalized services to assist with our tasks. However, because it is possible to have computers almost anywhere and within any object, this has opened up new discussions on issues such as privacy and security, considered from many different views, such as the legal, social, economic and technological development perspectives, all taking an increasingly significant importance in today’s world. In this dissertation we discuss and analyze some of the main privacy and security issues in current technologies, such as smartphones, RFIDs or smart cities, and we propose some protocols in order to face these issues guarantying users' privacy anytime

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue

An Investigation into the Critical Success Factors for E-Banking Frauds Prevention in Nigeria

E-Banking frauds is an issue experienced globally and continues to prove costly to both banks and customers. Frauds in e-banking services occur due to various compromises in security, ranging from weak authentication systems to insufficient internal controls. Although some security frameworks to address this issue of fraud have been proposed, the problem of e-banking fraud remains due to the inability of these framework to deal with organisational issues. With limited research in this area, the study sets out to identify the organisational Critical Success Factors (CSF) for E-Banking Frauds Prevention in Nigeria by applying CSF theory. A framework is proposed to help improve security from an organisational perspective. The study adopted a mixture of philosophical paradigms which led to the triangulation of research methods; Literature Review, Survey and Case Studies. The Literature Review involved the synthesis of existing literature and identified potential CSF for frauds prevention in e-banking. A total of 28 factors were identified and a conceptual framework was proposed. A 5-point Likert scale survey questionnaire was sent to retail bank staff in Nigeria to rate the criticality of the factors. A total of 110 useable responses were received at a response rate of 23.9%. Similar interrelated factors were grouped using a Principal Component Analysis. Finally, case studies with 4 banks in Nigeria were carried out to deepen our understanding. The study identified a total of 10 CSF which spanned across strategic, operational and technological factor categories. These included ‘Management Commitment’, ‘Engagement of Subject Matter Experts’ and ‘Multi-Layer Authentication’ amongst others. In addition, new CSF such as ‘Risk-Based Transactional Controls’, ‘People Awareness & Training’ and ‘Bank Agility via Data Driven Decision Making’ were identified. Finally, these CSF were grouped into an e-banking frauds prevention framework. This study is a pioneer study that extends theory to propose a CSF-based frauds prevention framework for banks in Nigeria

Electronic Evidence and Electronic Signatures

In this updated edition of the well-established practitioner text, Stephen Mason and Daniel Seng have brought together a team of experts in the field to provide an exhaustive treatment of electronic evidence and electronic signatures. This fifth edition continues to follow the tradition in English evidence text books by basing the text on the law of England and Wales, with appropriate citations of relevant case law and legislation from other jurisdictions. Stephen Mason (of the Middle Temple, Barrister) is a leading authority on electronic evidence and electronic signatures, having advised global corporations and governments on these topics. He is also the editor of International Electronic Evidence (British Institute of International and Comparative Law 2008), and he founded the innovative international open access journal Digital Evidence and Electronic Signatures Law Review in 2004. Daniel Seng (Associate Professor, National University of Singapore) is the Director of the Centre for Technology, Robotics, AI and the Law (TRAIL). He teaches and researches information technology law and evidence law. Daniel was previously a partner and head of the technology practice at Messrs Rajah & Tann. He is also an active consultant to the World Intellectual Property Organization, where he has researched, delivered papers and published monographs on copyright exceptions for academic institutions, music copyright in the Asia Pacific and the liability of Internet intermediaries

Analysis of designed and emergent consequences of mobile banking usage by SME’s in Kenya using ethnographic decision tree modeling

Includes bibliographical references.Evaluating the impact of Information and Communications Technologies for Development (ICT4D) has been a challenge both in terms of theoretical and methodological approaches. It has been pointed out in extant literature that ICT4D impact studies are few compared to those that investigate determinants of adoption. Knowledge of this scarcity and the theoretical and methodological limitations led to the conception of this study. This study set out to investigate the decision criteria evaluated by Kenyan micro, small and medium enterprises (MSMEs) when making the initial mobile banking adoption and usage decisions with a view to unearth the designed and emergent consequences. Ethnographic decision tree modelling (EDTM) which is a cognitive research methodology was feasibly employed to obtain the adoption and usage decision criteria from which quantifiable and non-quantifiable consequences were then inferred. Structuration theory was used as a theoretical lens to view the complex context in which mobile banking is embedded and adopted by MSMEs. The analysis of the empirical data obtained from the MSMEs led to the construction and testing of three decision models from which the study’s theory was developed. The derived theory demonstrates the existence of structurational interactions among decision criteria, antecedents of technology adoption, behavioural intention to adopt, and the designed and emergent consequences of actual usage. The study further reveals that contrary to popular belief and argument that adoption of mobile banking technology lowers financial services cost, Kenyan MSMEs adopt the technology not because of its affordability but because of other factors such as perceived usefulness, accessibility, safe custody of daily income, limited organizational capabilities, perceived ease of use, social capital and trust structures. The derived explanatory-predictive theory provides findings that may have significant implications for fiscal and monetary policymakers, development experts and mobile banking technology designers

Electronic Evidence and Electronic Signatures

In this updated edition of the well-established practitioner text, Stephen Mason and Daniel Seng have brought together a team of experts in the field to provide an exhaustive treatment of electronic evidence and electronic signatures. This fifth edition continues to follow the tradition in English evidence text books by basing the text on the law of England and Wales, with appropriate citations of relevant case law and legislation from other jurisdictions. Stephen Mason (of the Middle Temple, Barrister) is a leading authority on electronic evidence and electronic signatures, having advised global corporations and governments on these topics. He is also the editor of International Electronic Evidence, and he founded the innovative international open access journal Digital Evidence and Electronic Signatures Law Review in 2004. Daniel Seng (Associate Professor, National University of Singapore) is the Director of the Centre for Technology, Robotics, AI and the Law (TRAIL). He teaches and researches information technology law and evidence law. Daniel was previously a partner and head of the technology practice at Messrs Rajah & Tann. He is also an active consultant to the World Intellectual Property Organization, where he has researched, delivered papers and published monographs on copyright exceptions for academic institutions, music copyright in the Asia Pacific and the liability of Internet intermediaries

Foundations of Security Analysis and Design III, FOSAD 2004/2005- Tutorial Lectures

he increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of research groups, events, conferences, and summer schools that address the study of foundations for the analysis and the design of security aspects. This book presents thoroughly revised versions of eight tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2004/2005, held in Bertinoro, Italy, in September 2004 and September 2005. The lectures are devoted to: Justifying a Dolev-Yao Model under Active Attacks, Model-based Security Engineering with UML, Physical Security and Side-Channel Attacks, Static Analysis of Authentication, Formal Methods for Smartcard Security, Privacy-Preserving Database Systems, Intrusion Detection, Security and Trust Requirements Engineering

An analysis of the relationship between individuals’ perceptions of privacy and mobile phone location data - a grounded theory study

The mobile phone is a ubiquitous tool in today’s society, a daily companion for the majority of British citizens. The ability to trace a mobile phone’s geographic position at all times via mobile phone networks generates potentially sensitive data that can be stored and shared for significant lengths of time, particularly for the purpose of crime and terrorism investigations. This thesis examines the implications of the storage and use of mobile phone location data on individuals’ perceptions of privacy. The grounded theory methodology has been used to illustrate patterns and themes that are useful in understanding the broader discourses concerning location data relating to privacy, technology and policy-setting. The main contribution of this thesis is the development of a substantive theory grounded in empirical data from interviews, mobile phone location tracking and a survey. This theory is specific to a particular area, as it maps the relationship between mobile phone location data and perceptions of privacy within the UK. The theory confirms some arguments in the literature that argue that the concept of privacy is changing with individuals' increased dependence on electronic communications technologies in day-to-day life. However, whilst individuals tend to hold a rather traditional picture of privacy, not influenced by technology and solely related to their own personal lives, scholars paint a picture of privacy that is affected by technology and relates to society as a whole. Digital mass data collections, such as communications data retention, are not perceived as privacy invasive by individuals. Mobile phone location data is not seen as related to a citizen's daily life but instead primarily as a crime investigation tool. A recognition and understanding of the divergence between the perceptions and definitions of privacy between individuals and the academic literature in relation to mobile phone location data is of relevance, as it should impact on future policies regulating the gathering, storage and analysis of personal data